Organisations have an obligation for better data management and a new regime of fines will be introduced for use when an organisation is found to be in breach of the GDPR.
Businesses and organisations who provide services to other businesses and organisations under contract (called 'Processors' under GDPR) now have direct obligations under GDPR.
As organisations and businesses prepare for GDPR to come into force, they need to understand within their supply chain or associated companies if they are prepared for the regulation. A supplier will be subject to GDPR if they are a data controller or data processor, and have access to personal data information on an EEA/EU citizen. As part of due diligence, customers will want to verify with their suppliers whether they are ready for GDPR.
The Information Commissioner's Office (ICO) has lots of information about GDPR, what it means, and what steps need to be taken to prepare for the rules:
- specific guidance for small organisations: Information Commissioner's Office - Small organisations (opens in a new window)
- business advice line: 0303 1231113 option 4